On Mon, 01 Dec 2003, Rafa Forcada wrote: > El lun, 01-12-2003 a las 16:42, Peter Palfrader escribió: > > On Mon, 01 Dec 2003, Vyacheslav Mukha wrote: > > > > > This exploit work on my Debian woody 3.r1 and get root . > > > May be that script is instrument . > > > > Which kernel do you have installed? > > It worked on my debian woody 3.r1 too. > > rafa@rafota:~/temp$ uname -r > 2.4.20 > rafa@rafota:~/temp$ ./kptrace > sh-2.05a# whoami > root You are running a kernel that has known security issues. You should install a kernel that has fixed those problems. Please see the following URL for this (I think) specific problem: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127 Debian woody has fixed kernels which fixed this privilige escalation: kernel-image-2.4.18-1-<something>. apt-cache search kernel-image should give you a list of available kernel images (note that the -1 after 18 is important). "2.4.20" suggests you built your own kernel however. Upgrading to 2.4.23 could be a good idea. HTH Peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature